West Hampstead Flowers Privacy Policy

Privacy Notice for Customers

This privacy policy informs our customers in West Hampstead and the surrounding districts about how West Hampstead Flowers gathers, uses, stores, shares, and protects your personal information when you place an order with us. We are committed to complying with the General Data Protection Regulation (GDPR) and always act transparently and responsively in relation to your data.

Who Does This Policy Apply To?

This policy applies to any individual who places an order with West Hampstead Flowers, including customers from West Hampstead and surrounding districts. It covers our practices relating to personal data gathered via our website, in-person orders, and over the phone.

What Personal Data We Collect

We collect, store, and process personal data that you provide directly to us when making an enquiry or placing an order. Depending on your interaction, we may collect the following information:

  • Your name
  • Your contact information (such as phone number, address, delivery address, and, where applicable, email)
  • Payment details (such as card information, processed through secure third-party payment processors)
  • Order details, delivery instructions, and messages to recipients
  • Correspondence with us, including queries and feedback
  • Billing address and order history

We do not collect more information than is necessary to fulfil your order and provide our services.

Lawful Basis for Processing

We process your data under one or more of the following lawful bases as outlined in Article 6 of the GDPR:

  • Contractual necessity: To process and deliver your order, respond to customer queries, and manage billing and payment.
  • Legal obligation: To comply with tax and accounting laws and regulatory requirements.
  • Legitimate interests: For customer service purposes, service improvement, and to address feedback, except where overridden by your interests or fundamental rights.
  • Consent: For marketing communications if you have specifically opted in. You can withdraw consent at any time.

How We Use Your Personal Data

Your information is used for purposes such as:

  • Processing and fulfilling your orders
  • Communicating with you regarding your order, updates, and any queries
  • Arranging payment and invoicing
  • Improving our services and internal record-keeping
  • Compliance with legal and regulatory obligations
  • With your explicit consent, sending you marketing or promotional offers

How Long We Keep Your Data

We retain your personal data only as long as reasonably necessary for the purposes outlined in this policy, or to comply with our legal obligations. This includes:

  • Order and invoice records: Retained for up to seven years to meet accounting and tax requirements.
  • Customer contact information: Retained for up to two years from your last interaction, unless you ask us to erase your data sooner, provided no outstanding order or legal obligation remains.
  • Marketing data: Retained until you withdraw consent.

Once data is no longer required for these purposes, it will be securely deleted or fully anonymised.

Data Processors and Sharing Your Data

Your personal data may be shared with trusted third-party service providers (data processors) to facilitate our service. These include:

  • Payment processing companies (to handle secure card payments)
  • IT service providers and cloud storage solutions
  • Delivery couriers (for order delivery purposes)
  • Accounting and bookkeeping professionals

We require all our third-party processors to respect the security of your data, to use it only for intended purposes, and to act in accordance with GDPR. We do not sell or rent your personal data to third parties for marketing purposes.

International Transfers

West Hampstead Flowers seeks to keep your data within the UK and the European Economic Area (EEA) wherever possible. Should we need to transfer information outside of the EEA, we ensure such transfers are compliant with GDPR by relying on adequacy decisions, standard contractual clauses, or other lawful means of data transfer.

How We Keep Your Data Secure

We take protection of your information seriously. Appropriate security measures are implemented to prevent unauthorised access, alteration, disclosure, or destruction of your personal data. These include physical, electronic, and managerial procedures such as password protection, encrypted storage, and staff training in data privacy.

Your Rights Under GDPR

You have a number of rights relating to your personal information under GDPR. In summary, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Request erasure of your data in certain circumstances
  • Restrict or object to our processing of your information
  • Request transfer of your data to another service provider (data portability)
  • Withdraw consent at any time (where applicable)
  • Lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data has been mishandled

To exercise your rights or for further information, please contact us using the details on our website or via the customer service channels provided at the time of order.

Updates to This Privacy Policy

We may update this policy from time to time to reflect changes to our data practices or legal requirements. Any significant changes will be communicated via our website or at the point of order. We recommend you review this privacy notice periodically to stay informed about how we are protecting your information.

Contact and Further Information

If you have questions about this privacy policy, your data rights, or our data protection practices, please contact us using the current customer service channels listed on our website or provided when placing an order. We value your trust and privacy and welcome any questions or feedback you may have.